CVE-2020-8694
Published: 2020-11-12
Priority P4 · 22 · medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.45% (35.6th percentile)
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.9.9-1 (bookworm) | linux 5.9.9-1 (bookworm) |
| github.com | containerd_containerd | >= 0 < 1.6.26 | 1.6.26 |
| github.com | containerd_containerd | >= 1.7.0 < 1.7.11 | 1.7.11 |
| github.com | docker_docker | >= 0 < 20.10.27 | 20.10.27 |
| github.com | docker_docker | >= 21.0.0 < 23.0.8 | 23.0.8 |
| github.com | docker_docker | >= 24.0.0 < 24.0.7 | 24.0.7 |
| linux | linux_kernel | >= 0 < 5.9.9-1 | 5.9.9-1 |
| linux | linux_kernel | >= 0 < 5.9.9-1 | 5.9.9-1 |
| linux | linux_kernel | >= 0 < 5.9.9-1 | 5.9.9-1 |
| linux | linux_kernel | >= 0 < 5.9.9-1 | 5.9.9-1 |
CVSS provenance
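| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| ghsa | | 5.5 | MEDIUM | |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |
| vendor_ubuntu | | 5.5 | MEDIUM | |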
CISA ICS
Siemens Industrial PCs and CNC devices (Update A)
cisa_ics·2022-05-12
ICS Advisory
Last Revised: December 15, 2022
Alert Code: ICSA-22-132-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: Industrial PCs and CNC devices
- Vulnerabilities: Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, Improper Privilege Management
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-132-05 Siemens Industrial PCs and CNC devices that was published May 12, 202
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2020-11-11
Summary: The system could be made to expose sensitive information.
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) driver in the Linux kernel did not properly
restrict access to power data. A local attacker could possibly use this to
expose sensitive information.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel meta
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-11-11·CVSS 5.5
Summary: Several security issues were fixed in the Linux kernel.
Simon Scannell discovered that the bpf verifier in the Linux kernel did not
properly calculate register bounds for certain operations. A local attacker
could use this to expose sensitive information (kernel memory) or gain
administrative privileges. (CVE-2020-27194)
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) driver in the Linux kernel did not properly
restrict access to power data. A local attacker could possibly use this to
expose sensitive information. (CVE-2020-8694)
Instructions: After a standard system update you need to reboot your computer to make
all
Red Hat
kernel: Insufficient access control vulnerability in PowerCap Framework
vendor_redhat·2020-11-10·CVSS 5.5
CVE-2020-8694 [MEDIUM] CWE-284
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
A flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL). A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data.
Mitigation: A temporary measure would be to remove the ability for non-root users
to read the current RAPL energy reporting metrics.
This can be done with the command:
$ sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
This mitigation will only work on the curren
Debian
CVE-2020-8694: linux - Insufficient access control in the Linux kernel driver for some Intel(R) Process...
vendor_debian·2020·CVSS 5.5
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Scope: local
bookworm: resolved (fixed in 5.9.9-1)
bullseye: resolved (fixed in 5.9.9-1)
forky: resolved (fixed in 5.9.9-1)
sid: resolved (fixed in 5.9.9-1)
trixie: resolved (fixed in 5.9.9-1)
OSV
containerd allows RAPL to be accessible to a container
osv·2023-12-19·CVSS 5.5
# /sys/devices/virtual/powercap accessible by default to containers
Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via `sysfs`. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel.
By 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including
GHSA
containerd allows RAPL to be accessible to a container
ghsa·2023-12-19·CVSS 5.5
# /sys/devices/virtual/powercap accessible by default to containers
Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via `sysfs`. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel.
By 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including
GHSA
/sys/devices/virtual/powercap accessible by default to containers
ghsa·2023-10-30·CVSS 5.5
Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via `sysfs`. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel.
By 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including AES-NI (potentially inside a SGX enclave) and KASLR (kern
OSV
/sys/devices/virtual/powercap accessible by default to containers
osv·2023-10-30·CVSS 5.5
Intel's RAPL (Running Average Power Limit) feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs (model specific registers) and provides unprivileged userspace access via `sysfs`. As RAPL is an interface to access a hardware feature, it is only available when running on bare metal with the module compiled into the kernel.
By 2019, it was realized that in some cases unprivileged access to RAPL readings could be exploited as a power-based side-channel against security features including AES-NI (potentially inside a SGX enclave) and KASLR (kern
GHSA
GHSA-vf5j-54pj-5cc2: Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information
ghsa_unreviewed·2022-05-24
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
OSV
CVE-2020-8694: Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information
osv·2020-11-12·CVSS 5.5
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
No detection rules found.
No public exploits indexed.
arXiv
DeepTheft: Stealing DNN Model Architectures through Power Side Channel
arxiv_fulltext·2023-09-21
Yansong Gao¹, Huming Qiu², Zhi Zhang³, Binghui Wang⁴, Hua Ma⁵, Alsharif Abuadbba¹, Minhui Xue¹, Anmin Fu⁶, Surya Nepal¹
¹CSIRO's Data61, ²Fudan University, ³The University of Western Australia, ⁴Illinois Institute of Technology, ⁵The University of Adelaide, ⁶Nanjing University of Science and Technology
Zhi Zhang is the corresponding author.
## Abstract
Deep Neural Network (DNN) models are often deployed in resource-sharing clouds as Machine Learning as a Service (MLaaS) to provide inference services.
To steal model architectures that are of valuable intellectual properties, a class of attacks has been proposed via different side-channel leakage,
Bugzilla
CVE-2020-8694 kernel: Insufficient access control vulnerability in PowerCap Framework
bugzilla·2020-04-27·CVSS 5.5
A 'power analysis' side channel was found in the PowerCap framework. A local authenticated attacker can potentially use the powercap measurements to infer usually private information by measuring the power used by operations on the hidden information.
Discussion:
Mitigation:
A temporary measure would be to remove the ability for non-root users
to read the current RAPL energy reporting metrics.
This can be done with the command:
$ sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj
This mitigation will only work on the current boot and will need to be reapplied at each system boot to remain in effect.
---
Acknowledgments:
Name: Intel
---
Created kernel tracking bugs for this issue:
Affe
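The glob in the `chmod 400` mitigation quoted above matches one directory level and the change is lost at reboot. As an added example (not taken from Red Hat, Bugzilla or any advisory on this page), the script below finds every `energy_uj` counter, nested subzones included, that group or other can still read and applies the same `chmod 400`. The function names and the default root `/sys/devices/virtual/powercap` (the path named in the container advisories above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and tighten RAPL energy counters (CVE-2020-8694 mitigation).
# Assumption: counters live under /sys/devices/virtual/powercap; pass a
# different root as $1 to run the functions against a constructed sample tree.
RAPL_ROOT_DEFAULT=/sys/devices/virtual/powercap

# Print every energy_uj file whose mode still grants read to group or other.
rapl_exposed() {
    root=${1:-$RAPL_ROOT_DEFAULT}
    # No powercap tree (VM, non-Intel CPU, module not loaded): nothing exposed.
    [ -d "$root" ] || return 0
    find "$root" -type f -name energy_uj \( -perm -040 -o -perm -004 \) -print
}

# Apply the advisory's "chmod 400" to every counter, including nested
# subzones that a single-level glob would not reach. Must run as root on
# a real sysfs tree.
rapl_harden() {
    root=${1:-$RAPL_ROOT_DEFAULT}
    [ -d "$root" ] || return 0
    find "$root" -type f -name energy_uj -exec chmod 400 {} +
}

# Return 0 when no counter is exposed, 1 otherwise (exposed paths go to
# stderr), so the function can gate a compliance check or a monitoring probe.
rapl_check() {
    exposed=$(rapl_exposed "$1")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/exposed RAPL counter: /' >&2
        return 1
    fi
    return 0
}
```

Because the permission change does not survive a reboot, `rapl_harden` has to be re-run as root at every boot, and `rapl_check` can confirm afterwards that it took effect.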
- https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389